Hi Mohamed.
I will assume you have already created an Auth0 M2M Application for your Terraforming, and assigned the Auth0 Management API to the application. I will call this application the Terraform Client Application.
In your project, create an auth0.tf file. In the following code snippet, I have created an authorisation API and two service applications that both have the audience set to the identifier of the authorisation API.
In the provider section, the domain is your environment tenant domain. If you have enabled custom domains, you must use the original auth0 domain and not your custom domain. The client_id and client_secret are the details of the Terraform Client Application I have mentioned above.
In the resource auth0_resource_server section you will need to add your domain. In fact the identifier can be any valid URL structure. The domain does not have to exist, as this field is only used as a unique identifier.
In the resource auth0_resource_server_scopes section, you can add as many scopes as you like. In this example, I’ve added the update:customer scope.
In the resource auth0_client_grant sections, you control which scopes the application is allowed to 'give out' when the service requests an access token.
# Attribute names below follow the auth0/auth0 provider v1.x schema
# (auth0_resource_server_scopes uses "name", auth0_client_grant uses "scopes").
terraform {
  required_providers {
    auth0 = {
      source = "auth0/auth0"
    }
  }
}

provider "auth0" {
  # Tenant domain (the original auth0.com domain, not a custom domain)
  domain        = "<your_tenant_domain>"
  # Credentials of the Terraform Client Application (M2M app with Management API access)
  client_id     = "<terraform_client_application_client_id>"
  client_secret = "<terraform_client_application_client_secret>"
}

################ Set Up Authorisation API
resource "auth0_resource_server" "service_scopes_api" {
  name       = "service-scopes-api"
  # Any valid URL works; it is only used as the API identifier (the token audience)
  identifier = "https://service-scopes-api.<your_domain>.com/"
}

############### Set Up Authorisation API Scopes
resource "auth0_resource_server_scopes" "service_scopes_api_scopes" {
  resource_server_identifier = auth0_resource_server.service_scopes_api.identifier

  scopes {
    name        = "read:customer"
    description = "Read Customer data"
  }
  scopes {
    name        = "update:customer"
    description = "Update Customer data"
  }
  scopes {
    name        = "read:address"
    description = "Read Address data"
  }
}

################ Set Up Customer Service
resource "auth0_client" "customer_service" {
  name        = "customer-service"
  app_type    = "non_interactive"
  grant_types = ["client_credentials"]
  description = "Application for customer service authorisation"

  jwt_configuration {
    lifetime_in_seconds = 86400
    alg                 = "RS256"
  }
}

############## Set Up Expected Scopes Of The Customer Service
# Only the scopes listed here can be issued to this client for this audience
resource "auth0_client_grant" "customer_service_grant" {
  client_id = auth0_client.customer_service.id
  audience  = auth0_resource_server.service_scopes_api.identifier
  scopes    = ["read:customer"]
}

################ Set Up Address Service
resource "auth0_client" "address_service" {
  name        = "address-service"
  app_type    = "non_interactive"
  grant_types = ["client_credentials"]
  description = "Application for address service authorisation"

  jwt_configuration {
    lifetime_in_seconds = 86400
    alg                 = "RS256"
  }
}

############## Set Up Expected Scopes Of The Address Service
resource "auth0_client_grant" "address_service_grant" {
  client_id = auth0_client.address_service.id
  audience  = auth0_resource_server.service_scopes_api.identifier
  scopes    = ["read:address"]
}
Once you have created your resources, you can test the api and applications by using Postman or Curl.
curl --location 'https://<your_tenant_domain>/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=<client_id_of_customer_service>' \
  --data-urlencode 'client_secret=<client_secret_of_customer_service>' \
  --data-urlencode 'audience=https://service-scopes-api.<your_domain>.com/' \
  --data-urlencode 'grant_type=client_credentials'

curl --location 'https://<your_tenant_domain>/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=<client_id_of_address_service>' \
  --data-urlencode 'client_secret=<client_secret_of_address_service>' \
  --data-urlencode 'audience=https://service-scopes-api.<your_domain>.com/' \
  --data-urlencode 'grant_type=client_credentials'
Give me a shout if you need further guidance.
Kind regards
Richard
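Added example, not part of Richard's reply: the other half of the setup above is what the API does with the token it receives. The client grants decide which scopes Auth0 will put in a client_credentials access token, but the resource server still has to check the audience, the expiry and the scope claim itself, or the two services are interchangeable. The script below makes the same /oauth/token request as the curl commands (network call, kept separate), decodes a JWT payload for inspection, and applies those three checks to constructed sample claims for the customer and address services. The claim values, the `NOW` timestamp and the helper names are assumptions for illustration; signature verification against the tenant JWKS is out of scope here and is called out in the comments.

```python
"""Added example (not from the original post): resource-server-side checks for
client_credentials access tokens issued against service-scopes-api."""
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder identifier, as used in the Terraform and curl commands in the post
API_IDENTIFIER = "https://service-scopes-api.<your_domain>.com/"


def request_token(tenant_domain, client_id, client_secret, audience):
    """POST the same form body as the curl commands and return the JSON reply.
    Makes a network call to Auth0, so it is not exercised offline."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(
        f"https://{tenant_domain}/oauth/token", data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def decode_payload(token):
    """Decode the payload segment of a compact JWS WITHOUT verifying it.
    Inspection only: a real API must first verify the RS256 signature against
    https://<your_tenant_domain>/.well-known/jwks.json and check `iss`."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def authorize(claims, audience, required_scope, now=None):
    """Return (ok, reason) for a request that needs `required_scope`.
    Rejects tokens minted for another API, expired tokens and tokens whose
    space-separated `scope` claim (what the client grant allowed) lacks the scope."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if audience not in auds:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    granted = set(claims.get("scope", "").split())
    if required_scope not in granted:
        return False, f"missing scope {required_scope}"
    return True, "ok"


def sample_token(claims):
    """Build a CONSTRUCTED, unsigned 'header.payload.sig' string so decode_payload
    can be exercised offline. Never accept such a token in a real service."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.fake-signature"


# Constructed claims shaped like Auth0 client_credentials tokens for the two
# services defined in the post (the grants allow read:customer and read:address)
CUSTOMER_CLAIMS = {
    "iss": "https://<your_tenant_domain>/",
    "sub": "<client_id_of_customer_service>@clients",
    "aud": API_IDENTIFIER,
    "iat": 1700000000,
    "exp": 1700086400,  # iat + 86400, matching lifetime_in_seconds above
    "scope": "read:customer",
    "gty": "client-credentials",
}
ADDRESS_CLAIMS = dict(CUSTOMER_CLAIMS,
                      sub="<client_id_of_address_service>@clients",
                      scope="read:address")
NOW = 1700000100  # constructed "current time" inside the validity window

if __name__ == "__main__":
    customer = decode_payload(sample_token(CUSTOMER_CLAIMS))
    print(authorize(customer, API_IDENTIFIER, "read:customer", now=NOW))
    print(authorize(customer, API_IDENTIFIER, "update:customer", now=NOW))
    print(authorize(ADDRESS_CLAIMS, API_IDENTIFIER, "read:customer", now=NOW))
```

Because the customer-service grant only lists read:customer, the second call fails even though update:customer exists on the API, and the address-service token is refused for a customer endpoint: the grant shapes the `scope` claim, and the `authorize` check is what turns that into an access decision.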